P
US9992015B2ActiveUtilityPatentIndex 67

Method and apparatus for providing a scalable service platform using a network cache

Assignee: NOKIA TECHNOLOGIES OYPriority: Jun 30, 2009Filed: Apr 30, 2013Granted: Jun 5, 2018
Est. expiryJun 30, 2029(~3 yrs left)· nominal 20-yr term from priority
Inventors:FU YANVEPSALAINEN ARI MAARNIO ARI ANTEROVIMPARI MARKKU KALEVILAITINEN PEKKA JOHANNES
H04L 9/0822H04L 2209/60H04L 9/08H04L 2209/80
67
PatentIndex Score
5
Cited by
26
References
20
Claims

Abstract

An approach is provided for building a scalable service platform by initiating transmission of encrypted data from a public network cache. An access control server platform determines a first authorization key for a user and a second authorization key for a resource, and then encrypts the resource with the second authorization key, and encrypts the second authorization key with the first authorization key. The access control server platform initiates distribution of the encrypted second authorization key with the encrypted resource over a network. The access control server platform further initiates caching the encrypted second authorization key with the encrypted resource that meets a predefined threshold value (e.g., a data size, an access frequency, a modification frequency, or an auditing requirement) in a cache in the network, and initiates transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 encrypting, utilizing at least one processor, a resource with a second authorization key,
 wherein the resource is encrypted with the second authorization key through an access control service platform to include information specifying a user entity is permitted to decrypt the encrypted resource, 
 wherein the second authorization key is not specific to the user identity, 
 wherein the second authorization key includes a protocol specific hash associated with the resource, 
 wherein the resource is identified with the user identity through the user entity uploading the resource to the access control service platform, 
 wherein information identifying the user entity is included in a header of a packet including the encrypted resource; 
 
 encrypting data known to the user entity with the second authorization key; 
 determining a first authorization key for the user entity through the access control service platform; 
 encrypting, utilizing the at least one processor, the second authorization key with the first authorization key,
 wherein the first authorization key is configured to be utilized by the user entity, 
 wherein the first authorization key is generated based on a previous registration of the user entity with the access control service platform; 
 
 initiating a distribution, to the user entity, of the encrypted resource with the encrypted second authorization key,
 wherein the distribution further includes the encrypted data, the encrypted second authorization key is decrypted with the first authorization key, the encrypted data is decrypted with the decrypted second authorization key, and the encrypted resource is decrypted with the decrypted second authorization key when the decrypted data matches with the data known to the user entity; and 
 
 initiating a caching of the encrypted second authorization key with the encrypted resource in a network cache located, remote from an origin point of the distribution, on a network path. 
 
     
     
       2. The method according to  claim 1 ,
 wherein the hash is specific to the MD5 protocol, 
 wherein the network path is a path data travels during the distribution. 
 
     
     
       3. The method according to  claim 1 ,
 wherein at least one of the network cache and the network path are on a public network. 
 
     
     
       4. The method according to  claim 1 , wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical first authorization key specific for the social group. 
     
     
       5. The method according to  claim 1 , further comprising:
 determining a third authorization key for a second user entity, wherein the encrypted second authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity. 
 
     
     
       6. The method according to  claim 1 , wherein the distribution is to at least a server, the method further comprising:
 initiating caching of the encrypted second authorization key with the encrypted resource in a cache of the server; and 
 initiating transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity. 
 
     
     
       7. The method according to  claim 6 , further comprising:
 initiating a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF. 
 
     
     
       8. An apparatus comprising:
 at least one processor; and 
 at least one memory including computer program code,
 wherein the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
 encrypt a resource with a second authorization key,
 wherein the resource is encrypted with the second authorization key through an access control service platform to include information specifying a user entity is permitted to decrypt the encrypted resource, 
 wherein the second authorization key is not specific to the user identity, 
 wherein the second authorization key includes a protocol specific hash associated with the resource, 
 wherein the resource is identified with the user identity through the user entity uploading the resource to the access control service platform, 
 wherein information identifying the user entity is included in a header of a packet including the encrypted resource, 
 
 encrypt data known to the user entity with the second authorization key, 
 determine a first authorization key for the user entity through the access control service platform, 
 encrypt the second authorization key with the first authorization key,
 wherein the first authorization key is configured to be utilized by the user entity, 
 wherein the first authorization key is generated based on a previous registration of the user entity with the access control service platform, 
 
 initiate a distribution, to the user entity, of the encrypted resource with the encrypted second authorization key,
 wherein the distribution further includes the encrypted data, the encrypted second authorization key is decrypted with the first authorization key, the encrypted data is decrypted with the decrypted second authorization key, and the encrypted resource is decrypted with the decrypted second authorization key when the decrypted data matches with the data known to the user entity, and 
 
 initiate a caching of the encrypted second authorization key with the encrypted resource in a network cache located, remote from an origin point of the distribution, on a network path. 
 
 
 
     
     
       9. The apparatus of  claim 8 ,
 wherein the hash is specific to the MD5 protocol, 
 wherein the network path is a path data travels during the distribution. 
 
     
     
       10. The apparatus of  claim 8 ,
 wherein at least one of the network cache and the network path are on a public network. 
 
     
     
       11. The apparatus of  claim 8 , wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical first authorization key specific for the social group. 
     
     
       12. The apparatus of  claim 8 , wherein the apparatus is further caused to:
 determine a third authorization key for a second user entity, wherein the encrypted second authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity. 
 
     
     
       13. The apparatus of  claim 8 , wherein the distribution is to at least a server and the apparatus is further caused to:
 initiate caching of the encrypted second authorization key with the encrypted resource in a cache of the server, and 
 initiate transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity. 
 
     
     
       14. The apparatus of  claim 13 , wherein the apparatus is further caused to:
 initiate a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF. 
 
     
     
       15. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to perform at least the following:
 encrypting, utilizing at least one processor, a resource with a second authorization key,
 wherein the resource is encrypted with the second authorization key through an access control service platform to include information specifying a user entity is permitted to decrypt the encrypted resource, 
 wherein the second authorization key is not specific to the user identity, 
 wherein the second authorization key includes a protocol specific hash associated with the resource, 
 wherein the resource is identified with the user identity through the user entity uploading the resource to the access control service platform, 
 wherein information identifying the user entity is included in a header of a packet including the encrypted resource; 
 
 encrypting data known to the user entity with the second authorization key 
 determining a first authorization key for the user entity through the access control service platform; 
 encrypting, utilizing the at least one processor, the second authorization key with a first authorization key,
 wherein the first authorization key is configured to be utilized by the user entity, 
 wherein the first authorization key is generated based on a previous registration of the user entity with the access control service platform; 
 
 initiating a distribution, to the user entity, of the encrypted resource with the encrypted second authorization key,
 wherein the distribution further includes the encrypted data, the encrypted second authorization key is decrypted with the first authorization key, the encrypted data is decrypted with the decrypted second authorization key, and the encrypted resource is decrypted with the decrypted second authorization key when the decrypted data matches with the data known to the user entity; and 
 
 initiating a caching of the encrypted second authorization key with the encrypted resource in a network cache located, remote from an origin point of the distribution, on a network path. 
 
     
     
       16. The non-transitory computer-readable storage medium of  claim 15 ,
 wherein information identifying the user entity is included in a header of a packet including the encrypted resource, 
 wherein the resource is identified with the user identity through the user entity uploading the resource to the access control service platform 
 wherein the hash is specific to the MD5 protocol, 
 wherein the network path is a path data travels during the distribution. 
 
     
     
       17. The non-transitory computer-readable storage medium of  claim 15 ,
 wherein at least one of the network cache and the network path are on a public network. 
 
     
     
       18. The non-transitory computer-readable storage medium of  claim 15 , wherein the user entity is an owner of the resource, a contact of the owner, or a social group of the owner and wherein members of the social group share an identical first authorization key specific for the social group. 
     
     
       19. The non-transitory computer-readable storage medium of  claim 15 , wherein the apparatus is caused to further perform:
 determining a third authorization key for a second user entity, wherein the encrypted second authorization key is further configured to be decrypted with the third authorization key and the information further indicates the second user entity. 
 
     
     
       20. The non-transitory computer-readable storage medium of  claim 15 , wherein the distribution is to at least a server and the apparatus is caused to further perform:
 initiating caching of the encrypted second authorization key with the encrypted resource in a cache of the server; and 
 initiating transmission of the cached and encrypted second authorization key with the cached and encrypted resource from the cache to at least one authorized entity; and 
 initiating a distribution of an access rights filter (ARF) to the server, the ARF being configured to determine access rights of the at least one authorized entity according to one or more authorization keys, wherein the server determines access rights of the at least one authorized entity based on the ARF.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.